Core Platform

Guest Experience

Revenue & Analytics

Operations

By property type

By scale

Integrations

Learn

For developers

Company

Tools

PricingCompare
Sign inGet started

Security & Compliance

Enterprise-Grade Security

Your guests' data deserves the highest protection. SwiftGuest is built on Cloudflare's global security infrastructure with encryption, access controls, and compliance at every layer.

TLS 1.3Encryption
SOC 2Ready
GDPRCompliant
PCI DSSSAQ-A
99.9%Uptime SLA

Four Pillars of Protection

How We Keep You Secure

Data Encryption

Every byte protected, everywhere.

  • TLS 1.3 for all data in transit
  • Encryption at rest in Cloudflare D1
  • Automatic certificate management and renewal
  • End-to-end encrypted API communications

Access Control

Right people, right permissions.

  • Role-Based Access Control with 5 granular roles
  • SSO integration support
  • Multi-factor authentication (MFA)
  • scrypt password hashing (memory-hard)

Infrastructure

Cloudflare edge, globally distributed.

  • Cloudflare Workers -- serverless, no patches
  • DDoS protection at 300+ data centers
  • Web Application Firewall (WAF)
  • Automatic scaling with zero cold starts

Compliance

Meeting every standard that matters.

  • GDPR compliant with right-to-erasure
  • PCI SAQ-A via tokenized payments
  • SOC 2 Type I readiness documentation
  • 72-hour breach notification commitment

Data Journey

How We Protect Your Data

Every piece of data goes through five layers of protection from the moment it enters our system.

STEP 01

Data enters through Cloudflare Edge

Every request passes through Cloudflare's global network first -- WAF rules filter malicious traffic before it reaches our application.

STEP 02

Encrypted in transit with TLS 1.3

Industry-leading encryption protects data as it moves between your browser, our API, and all internal services.

STEP 03

Authenticated and authorized

Every request is verified against your role-based permissions. Scrypt-hashed credentials and session tokens ensure only authorized access.

STEP 04

Processed in serverless isolation

Cloudflare Workers run your request in an isolated environment with no shared state -- eliminating entire categories of vulnerabilities.

STEP 05

Stored encrypted at rest

Guest data, payment references, and operational records are encrypted at rest in Cloudflare D1. No raw card data ever touches our systems.

Infrastructure

Built on Cloudflare

Serverless by design. No servers to patch, no cold starts, no single points of failure. Your data runs on the same network that protects 20% of all websites.

300+

Data Centers Worldwide

<50ms

Median API Response

0

Servers to Patch

100%

Auto-Scaling

DDoS protection at every edge location
Global anycast network for lowest latency
Zero cold starts, instant auto-scaling

FAQ

Security Questions

Where is my data stored?
Your data is stored in Cloudflare's globally distributed D1 databases. Data residency can be configured per your regional requirements. All storage is encrypted at rest.
Is SwiftGuest PCI compliant?
Yes. SwiftGuest maintains PCI SAQ-A compliance. We never store, process, or transmit raw cardholder data. All payment processing is handled by PCI-certified processors (Rapyd, Tranzila, PayPal, and Stripe) through tokenization.
How do you handle GDPR requirements?
We provide full GDPR compliance including cookie consent management, right to erasure (guest data deletion on request), data processing agreements, and a 72-hour breach notification commitment.
What authentication methods do you support?
We support email/password authentication with scrypt hashing, multi-factor authentication (MFA), and role-based access control with five granular roles: Owner, Manager, Front Desk, Housekeeping, and Read-Only.
Do you perform security audits?
We conduct annual security reviews and penetration testing. SOC 2 Type I readiness documentation is available upon request. We also maintain Channex-certified channel manager integration.
What happens if there's a security incident?
We follow a strict incident response protocol with a 72-hour notification commitment. Our infrastructure on Cloudflare includes automatic DDoS protection, WAF, and real-time threat monitoring at 300+ edge locations worldwide.

Need Security Details?

We're happy to share detailed security documentation, complete vendor questionnaires, or arrange a call with our engineering team.

Request a Security Audit